09 May 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
XCodeGhost 7 9
Moriya Rootkit 5 36
NotPetya Ransomware 3 4
dnsenum 2 2
Hancitor 2 10
DarkSide Ransomware 3 7
Cuba Ransomware 2 16
Bad Rabbit Ransomware 1 1
SpyEye Trojan 1 2
Citadel Trojan 1 2

Data Breaches
19 petabytes of data exposed across 29,000+ unprotected databases hxxps://securityaffairs[.]co/wordpress/117660/data-breach/data-exposed-unprotected-databases.html
Securityblog – Twitter – May 08 2021 20:00

When we get more details, they are going to blame this ransomware on a perimeter breach, like phishing or an unpatched server exposed to the public Internet.
ErrataRob – Twitter – May 08 2021 19:21

19 petabytes of data exposed across 29,000+ unprotected databases
hxxps://securityaffairs[.]co/wordpress/117660/data-breach/data-exposed-unprotected-databases.html
#securityaffairs #hacking
securityaffairs – Twitter – May 08 2021 08:32

Hacker Groups
TheDarkOverLord (TDO) allegedly back in the game.

Claiming to sit in terabytes of stolen data. hxxps://twitter[.]com/UnderTheBreach/status/1390984137708818437/photo/1
UnderTheBreach – Twitter – May 08 2021 10:57

RT @UnderTheBreach: TheDarkOverLord (TDO) allegedly back in the game.

Claiming to sit in terabytes of stolen data. hxxps://twitter[.]com/UnderTheBreach/status/1390984137708818437/photo/1
UnderTheBreach – Twitter – May 08 2021 20:24

SUPERNOVA activity and its possible connection to SPIRAL threat group. [Research Saturday]
The CyberWire – May 08 2021 07:00
Guest Mike McLellan from Secureworks joins us to share his team's insights about SUPERNOVA and threat group attribution. Similarities between the SUPERNOVA activity and a previous compromise of the network suggest that SPIRAL was responsible for…

ShinyHunters is Leaking Data of all the Big Conglomerates
E Hacking News – May 08 2021 10:13
Following the hacking of masked credit and debit card data belonging to crores of Juspay customers, independent cybersecurity analyst Rajshekhar Rajaharia reported on January 6, 2021, that the same hacker, likely branded as 'ShinyHunters,' is now…

Malware
Colonial Pipeline* has not clarified yet whether this is a ransomware attack. The other pipeline operator hit with ransomware last year was held hostage by Ryuk, a Russian-based cybercriminal group that goes for “big game” targets.
nicoleperlroth – Twitter – May 08 2021 15:42

Malspam Campaign Uses Hancitor to Download Cuba Ransomware
BankInfoSecurity – May 08 2021 15:40
Attackers have Co-Opted Malware For…

@pwnallthethings @WeldPond And this is just ransomware. Not a real attack, unlike NotPetya
thegrugq – Twitter – May 08 2021 13:33

@TripKrant We’ve worked incident response cases with ransomware, and specially darkside, in OT networks. So not a big leap
RobertMLee – Twitter – May 08 2021 19:22

Vulnerabilities
Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild hxxps://thehackernews[.]com/2021/05/top-11-security-flaws-russian-spy.html via @TheHackersNews
opexxx – Twitter – May 08 2021 13:47

VMware Patches Another Critical Flaw Reported by Sanctioned Russian Security Firm Positive Technologies hxxps://www[.]securityweek[.]com/vmware-patches-critical-flaw-reported-sanctioned-russian-security-firm
SecurityWeek – Twitter – May 08 2021 12:11

Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild
THN : The Hacker News – May 08 2021 12:32
Cyber operatives affiliated with the Russian Foreign Intelligence Service (SVR) have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies…

Ongoing Campaigns
XcodeGhost and SolarWinds Orion are two supply chain attacks that clearly demonstrate where good proactive security engineer was and wasn’t. We will only make ourselves weaker by not understanding this. A 🧵:
dinodaizovi – Twitter – May 08 2021 13:33

RT @dinodaizovi: XcodeGhost and SolarWinds Orion are two supply chain attacks that clearly demonstrate where good proactive security engineer was and wasn’t. We will only make ourselves weaker by not understanding this. A 🧵:
mubix – Twitter – May 09 2021 01:39

Microsoft warns of a large-scale BEC campaign to make gift card scam
Security Affairs – May 08 2021 13:05
Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the attacks. Business email compromise (BEC) attacks represent a serious threat for organizations…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
